Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/2fa14ed92f6e05757b171a5552b9ad7ce59ee221.roa
File:                     2fa14ed92f6e05757b171a5552b9ad7ce59ee221.roa (raw, json)
Hash identifier:          WM0UwNPun2WefGNL32JQh/KS0AfiFKYQ4RPJ4zZ/0O0=
Subject key identifier:   AB:C9:81:38:6A:61:88:34:FE:21:24:F8:DD:AB:1C:F3:CF:09:4E:60
Certificate issuer:       /CN=1d425e0701077d9b4ed04e706fd74259f8427776
Certificate serial:       83A0
Authority key identifier: EE:3A:B8:1F:3C:A7:02:64:5E:C4:73:74:7E:A0:F4:B3:9E:7C:FB:92
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/1d425e0701077d9b4ed04e706fd74259f8427776.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/2fa14ed92f6e05757b171a5552b9ad7ce59ee221.roa
Signing time:             Tue 24 May 2022 19:53:49 +0000
ROA not before:           Tue 24 May 2022 03:00:00 +0000
ROA not after:            Fri 24 May 2024 03:00:00 +0000
asID:                     263735
IP address blocks:        138.59.204.0/22 maxlen: 22
                          138.219.172.0/22 maxlen: 22
                          168.227.140.0/22 maxlen: 22
                          170.83.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/1d425e0701077d9b4ed04e706fd74259f8427776.crl
                          rsync://repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/1d425e0701077d9b4ed04e706fd74259f8427776.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/1d425e0701077d9b4ed04e706fd74259f8427776.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 01 Apr 2024 05:58:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33696 (0x83a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d425e0701077d9b4ed04e706fd74259f8427776
        Validity
            Not Before: May 24 03:00:00 2022 GMT
            Not After : May 24 03:00:00 2024 GMT
        Subject: CN=2fa14ed92f6e05757b171a5552b9ad7ce59ee221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8a:9b:b8:f9:15:e7:7b:54:28:9e:d9:84:64:
                    cd:45:60:5b:3b:9f:e5:97:82:87:be:e1:16:3f:19:
                    5f:d9:96:cc:9d:ed:62:e4:de:5c:db:c7:11:a7:ae:
                    c6:84:05:07:bf:a7:35:c4:34:6f:ee:53:02:0c:a6:
                    c9:cd:05:61:be:a5:2c:5b:0d:f2:78:54:b0:33:3d:
                    3f:ed:4c:47:c4:15:39:35:ce:55:b0:c7:a1:b0:fe:
                    c3:4a:bf:48:a1:98:89:76:4c:7c:6c:91:9a:62:2e:
                    f8:c3:18:b1:ad:b0:2a:3d:f6:e2:cd:a4:85:f4:db:
                    5c:70:31:b4:72:ea:80:30:07:0d:15:56:f4:65:56:
                    9d:3c:91:db:e4:8c:96:17:3c:75:59:34:be:51:08:
                    81:6c:c0:53:9d:b9:dc:b0:0a:c4:a0:ab:b1:fd:0f:
                    10:1a:14:8f:28:09:ee:95:4e:53:f2:4e:d5:28:6f:
                    81:b1:53:61:ea:d3:d7:98:33:98:d6:f3:10:3b:32:
                    8c:a8:be:c8:b6:25:b8:2c:55:b5:b6:f0:1c:8d:b5:
                    19:5f:17:d0:bd:1d:dc:bf:d1:19:a1:0c:fc:d2:a5:
                    91:55:55:1b:8e:4c:a8:a7:3d:71:47:87:a6:e4:b5:
                    76:f9:c1:c5:e5:59:48:56:98:e7:32:52:bb:93:84:
                    38:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C9:81:38:6A:61:88:34:FE:21:24:F8:DD:AB:1C:F3:CF:09:4E:60
            X509v3 Authority Key Identifier:
                keyid:EE:3A:B8:1F:3C:A7:02:64:5E:C4:73:74:7E:A0:F4:B3:9E:7C:FB:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/1d425e0701077d9b4ed04e706fd74259f8427776.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/2fa14ed92f6e05757b171a5552b9ad7ce59ee221.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/937b2471-6f6f-4d9d-8cf3-952b6ce657f1/1d425e0701077d9b4ed04e706fd74259f8427776.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.59.204.0/22
                  138.219.172.0/22
                  168.227.140.0/22
                  170.83.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:70:13:f3:ca:b7:32:f6:c6:8c:70:fe:ca:e6:cc:dc:0c:18:
         fc:93:f2:b4:55:30:bd:ee:99:c3:04:06:e3:73:9f:be:14:97:
         e2:25:6c:29:c2:52:91:e0:ef:70:8c:80:09:a9:51:c4:84:85:
         c6:f2:13:2e:54:b0:b7:68:eb:ac:5f:2c:da:f9:d8:99:83:01:
         73:80:aa:b0:0d:b2:4b:18:fd:b9:9f:fc:24:2a:5a:bf:9a:20:
         94:4d:f4:cf:53:bb:ee:53:e5:42:87:11:99:1c:48:fc:97:55:
         30:77:11:0c:ae:1f:df:89:16:cf:9c:64:64:d4:69:1a:bb:46:
         20:e2:a5:52:32:68:0e:73:20:6f:b7:a9:f9:4f:cc:28:7f:d9:
         01:f3:1a:d6:d2:bc:8e:ec:19:a2:8a:60:ba:a6:01:a2:ac:44:
         c1:51:31:d6:e1:6b:67:07:89:37:9e:02:b7:fd:5f:df:12:80:
         f1:8e:11:8b:3d:b8:8e:69:a3:92:e0:41:db:f0:3f:00:86:cc:
         a4:22:15:29:25:77:d8:d3:39:a8:d4:71:76:e7:e8:fb:56:36:
         30:35:b9:cd:fa:f3:3d:9d:39:15:c9:9a:17:f5:02:a7:2c:fc:
         6d:22:c2:1a:d2:f1:5b:3e:b0:50:cf:45:72:b4:57:e7:2b:c8:
         d2:62:dc:a5
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIDAIOgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDFk
NDI1ZTA3MDEwNzdkOWI0ZWQwNGU3MDZmZDc0MjU5Zjg0Mjc3NzYwHhcNMjIwNTI0
MDMwMDAwWhcNMjQwNTI0MDMwMDAwWjAzMTEwLwYDVQQDEygyZmExNGVkOTJmNmUw
NTc1N2IxNzFhNTU1MmI5YWQ3Y2U1OWVlMjIxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAkoqbuPkV53tUKJ7ZhGTNRWBbO5/ll4KHvuEWPxlf2ZbMne1i
5N5c28cRp67GhAUHv6c1xDRv7lMCDKbJzQVhvqUsWw3yeFSwMz0/7UxHxBU5Nc5V
sMehsP7DSr9IoZiJdkx8bJGaYi74wxixrbAqPfbizaSF9NtccDG0cuqAMAcNFVb0
ZVadPJHb5IyWFzx1WTS+UQiBbMBTnbncsArEoKux/Q8QGhSPKAnulU5T8k7VKG+B
sVNh6tPXmDOY1vMQOzKMqL7ItiW4LFW1tvAcjbUZXxfQvR3cv9EZoQz80qWRVVUb
jkyopz1xR4em5LV2+cHF5VlIVpjnMlK7k4Q40QIDAQABo4ICbTCCAmkwHQYDVR0O
BBYEFKvJgThqYYg0/iEk+N2rHPPPCU5gMB8GA1UdIwQYMBaAFO46uB88pwJkXsRz
dH6g9LOefPuSMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMWQ0MjVl
MDcwMTA3N2Q5YjRlZDA0ZTcwNmZkNzQyNTlmODQyNzc3Ni5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvOTM3YjI0NzEtNmY2Zi00ZDlkLThjZjMtOTUyYjZj
ZTY1N2YxLzJmYTE0ZWQ5MmY2ZTA1NzU3YjE3MWE1NTUyYjlhZDdjZTU5ZWUyMjEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy85MzdiMjQ3MS02ZjZmLTRkOWQtOGNmMy05NTJi
NmNlNjU3ZjEvMWQ0MjVlMDcwMTA3N2Q5YjRlZDA0ZTcwNmZkNzQyNTlmODQyNzc3
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQi
MCAwHgQCAAEwGAMEAoo7zAMEAorbrAMEAqjjjAMEAqpT6DANBgkqhkiG9w0BAQsF
AAOCAQEAXXAT88q3MvbGjHD+yubM3AwY/JPytFUwve6ZwwQG43OfvhSX4iVsKcJS
keDvcIyACalRxISFxvITLlSwt2jrrF8s2vnYmYMBc4CqsA2ySxj9uZ/8JCpav5og
lE30z1O77lPlQocRmRxI/JdVMHcRDK4f34kWz5xkZNRpGrtGIOKlUjJoDnMgb7ep
+U/MKH/ZAfMa1tK8juwZoopguqYBoqxEwVEx1uFrZweJN54Ct/1f3xKA8Y4Riz24
jmmjkuBB2/A/AIbMpCIVKSV32NM5qNRxdufo+1Y2MDW5zfrzPZ05FcmaF/UCpyz8
bSLCGtLxWz6wUM9FcrRX5yvI0mLcpQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 11:25:44 2024 by rpki-client on console-fra.rpki-client.org